Blog

  • Gaining Intelligence about Cyber Threats and Vulnerabilities

    This is the third post in a series on Cyber Security Preparedness, and follows steps to gain Cyber Security Awareness and Assess Security Controls. Today we focus on improving Threat Intelligence and Collaboration.

    Electronic crime is no longer confined to the big screen. Real money is being lost, and in an increasingly wide range of industries. It is time to study today’s failures, learn from them, and better prepare for cyber risk.

    If a tree falls in the woods, does it make a sound? If you’re not close enough to hear it, find someone who is and learn from them. It’s called collaboration. Begin your learning there.

    The single most important source I have for threat intelligence is Infragard. This public/private forum shares confidential DHS and FBI information with verified members. Unlike other public sources, the threat indicators shared can be configured into my security infrastructure, leading to advanced detection and prevention capabilities. Professional forums such as ISACA, ISSA, ISC2, and the like establish peer contacts which further extend my reach for information sharing and collaboration.

    Public forums such as the SANS Internet Storm Center, US-CERT, and the daily Cyberwire keep me informed on the changing threat landscape. Weekly or monthly security updates are no longer acceptable. Increasingly, zero-day exception processing overrules standard business-as-usual threat and vulnerability management activities.

    References:

    1. https://www.isaca.org/
    2. https://issa.org/
    3. https://www.isc2.org/
    4. https://isc.sans.edu/
    5. US-CERT (now CISA): https://www.cisa.gov/
    6. https://www.thecyberwire.com/newsletters
  • Don’t Be Denied – Counter Threat Before It’s Too Late

    Investors learnt years ago that automation can keep costs down. Factories and other process control applications have been retooled time and again. SCADA now rules. But what if an attacker denied you such services?

    History shows that Supervisory Control and Data Acquisition (SCADA) was introduced nearly 75 years ago. Generations later, implementations crept onto our networks by way of an open systems architecture. Such innovations may lead to its downfall unless investments are made to address the rising threat landscape.

    A recent article in CSO states that “Attacks against industrial control systems double” when analyzing traffic between 2013 and 2014. Malware has been developed for SCADA technology, with all new exploit kits now including it.

    Note:

    References to articles used in this post are no longer accessible.

  • Assessing Security Controls

    This post is second in a series on Cyber Security Preparedness, and follows step 1: Cyber Security Awareness. Today we look at the establishment of Critical Security Controls.

    As security professionals, we all know that assurances come through the process of establishing and measuring controls. Cyber security is no different.

    The Council on Cybersecurity, Center for Internet Security, SANS, and others have compiled a list of Critical Security Controls – now in their 5th revision. The document provides a roadmap for implementing the 20 critical security controls (CSC) and many associated sub-controls. Has CSC been added to your control framework? Start your assessment now before the next incident or audit.

    Five key sub-controls are your starting point:

    1. CSC 2.1 – Deploying application white-listing technology
    2. CSC 3.1 – Implementing a configuration standard for operating systems
    3. CSC 3.2 – Automating the patching of the OS and Applications
    4. CSC 3.3 – Limiting administrative privileges
    5. CSC 4.1 – Perform automated vulnerability scans at least weekly

    The foundation is established through numerous other Quick Wins. Further refinement is offered through sub-controls to add Visibility and improve Configurations.

    Note:

    Critical Security Controls have been considerably advanced since this post. Version 5 is no longer accessible. For the latest control set, see: https://www.cisecurity.org/controls/v8